Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #93501

Re: Searching for a usable X509 implementation

From Laura Creighton <lac@openend.se>
Subject Re: Searching for a usable X509 implementation
References <46c64c5f-e5b5-4865-83e0-2474ebe4f8bd@googlegroups.com><201507050027.t650RMAp021068@theraft.openend.se>
Date 2015-07-05 07:33 +0200
Newsgroups comp.lang.python
Message-ID <mailman.296.1436074403.3674.python-list@python.org> (permalink)

Show all headers | View raw

In a message of Sun, 05 Jul 2015 02:27:22 +0200, Laura Creighton writes:
>In a message of Fri, 03 Jul 2015 17:11:10 -0700, Dennis Jacobfeuerborn writes:
>>Hi,
>>I'm trying to implement certificate functionality in a python app but after fighting with pyOpenSSL and M2Crypto I'm thinking about writing wrapper functions for the OpenSSL command line tool instead or switching the app to another language all together.
>>
>>Apparently PyOpenSSL has no way to save a public key to a file which is baffling. M2Crypto has that ability but apparently no usable way to verify a certificate?
>
>PyOpenSSL does, you must have missed it when looking.
>You are looking for OpenSSL.crypto.dump_certificate(type, cert)
>    Dump the certificate cert into a buffer string encoded with the type type.
>
>Laura 

Excuse me.  I misunderstood your mail.  You only want to save the
public key, and not a certificate or a certificate request.

I don't see a way to do this in PEM or ASN.1 format.

For an RSA key in PEM format you can do:
from OpenSSL.crypto import _new_mem_buf, _lib, _bio_to_string

def dump_rsa_public_key(pkey):
    bio = _new_mem_buf()
    result = _lib.PEM_write_bio_RSAPublicKey(bio, _lib.EVP_PKEY_get1_RSA(pkey._
pkey))
    # if result == 0: ERROR!  Figure out what you want to do here ...
    return _bio_to_string(bio)

There are similar things for other formats and DSA keys.  

The original version of PyOpenSSL was written by Martin Sjögren, when
he was working for me, and we had no need for such a thing at the time,
since we just saved full certificates.  You are right that it is very
odd that nobody else has needed them since then, and this probably
should be added to PyOpenSSL.

Laura

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Searching for a usable X509 implementation Dennis Jacobfeuerborn <djacobfeuerborn@gmail.com> - 2015-07-03 17:11 -0700
  Re: Searching for a usable X509 implementation Laura Creighton <lac@openend.se> - 2015-07-05 02:27 +0200
  Re: Searching for a usable X509 implementation Laura Creighton <lac@openend.se> - 2015-07-05 07:33 +0200
    Re: Searching for a usable X509 implementation Johannes Bauer <dfnsonfsduifb@gmx.de> - 2015-07-06 21:24 +0200

csiph-web